Interesting Article on SMTP
- From NewsScan.
IS SMTP READY FOR RETIREMENT?
The Simple Mail Transfer Protocol (SMTP) has served the online universe
loyally for more than two decades, but some security experts are now saying
it's time for a replacement. SMTP's flaw? It's too trusting. It makes the
assumption that an e-mail sender is who she says she is -- a characteristic
that is blamed in part for enabling more spam-mail. Suzanne Sluizer, a
co-author of SMTP's immediate predecessor, the Mail Transport Protocol,
says the e-mail environment for which SMTP was designed was very different.
"It was a trusted situation, and the protocols were developed on the basis
of that trust. So it's very surprising to me that we are using the same
protocols coming up on 25 years later, because you need different things in
a commercial environment than you need in a research environment," says
Sluizer. "I would suggest they just write a new protocol from the
beginning. In my experience in computers& trying to fix problems in the
existing thing is almost always more difficult than just sitting down and
thinking about what you want and coming up with something new." And while
some experts say rewriting SMTP from the ground up would be prohibitively
cumbersome, given the old protocol's installed user base comprising
hundreds of millions of people, Sluizer contends that problem could solved
by implementing a tandem system using two protocols -- SMTP and a new one,
with tighter authentication -- with e-mail applications supporting both
side by side. (CNet News.com 1 Aug 2003)